Advanced FTP Security Configuration Issues

I've run anonymous FTP servers in the past, and more recently have begun supporting an FTP server (ProFTPd) whose users are jailed to their home directories.
I have now received a request to create several FTP accounts that are:
1) Jailed to their own home directories
2) Only able to upload to an "upload" directory
3) Only able to download from a "download" directory
And
4) Create a user account that can manage all the files in the aforementioned jails
Now, I can do this quite easily on a MS Windows system, but I really don't want to build a whole new server just for these few users.
It seems to me that traditional UNIX security doesn't seem to be granular enough to support this request. If this is not correct, could someone help me with the security structure required?
Or perhaps RBAC can help me here?
Also, based on a previous post, I am looking into "setfacl".
Thanks in advance,
M. McCabe

Solaris 9 and 10 include ftpconfig(1M) which does all that fiddly copying for you. You just need to create the accounts and home dirs. See "System admin guide: Network services" Chapter 28 and/or Sun doc #216460 "How do I configure ftp anonymous, guest and "chroot" user access in Solaris[TM]? ".
"The ftpconfig script is used to copy all necessary system files to the home directory. When the
guest user and the guest's home directory already exist, the ftpconfig script updates the area
with the current system files."

Similar Messages

Security related issues

Hi everybody,
We know that weblogic stores all its configuration
parameters in an xml file,including the userid and password for the database
in clear text form .
I want to know whether it is a security flaw?
Is there a way to encrypt the file contents,so that the userid and password
will not be in clear text form.
Any suggestions to increase the security on the config file by appliying os
restriction or by any third party tool will be helpful.
Thanks in advance
prashant

I am a co-founder of Calendar of Updates http://www.calendarofupdates.com/updates/index.php?act=idx This is a site that is primarily a Windows based security forum (I switched about 4-5 years ago). Over the years, I've tried to grow the Mac side of our forum, but, as you may know, there is little or no interest in security within the Mac community. For many, the feel security is a Windows issue.
It's a free site, so don't think I have a vested interest in growing the membership, I'm not an owner, either.
I just created an *Apple OS X Security Issues* forum http://www.calendarofupdates.com/updates/index.php?showforum=209
Right now it's an empty forum since it was created 10 minutes ago. Please feel free to join the forum and share security related issues and questions.
I am not aware of any other forums that deal with OS X security issues
exclusively, so this forum could be a good place to bookmark and visit from time to time.

Configuration Issue in User Mapping ..

Hi,
Pls help resolve this issue..
When i go to " UserMapping " option using the "Personalize " link , i get the following error msg..
"There is a configuration issue which leads to problem when accessing user mapping data for the selected backend system"
Also , if i go thru "User Administration -> User Mapping "
then it says,
--"There is a configuration issue which leads to problem when accessing user mapping data for the selected backend system .
Usually reason is user mapping being configured for Strong encryption, but necessary additional files might be missing.Check Security log file for information "--
I am not able to solve this problem..Pls help
Thanks in advance

Hi Venkat,
Here the quick and dirty solution:
In your portal go to 'System Administration' -> 'System Configuration' -> 'UM Configuration' -> 'Direct Editing'.
There locate the parameter 'ume.usermapping.unsecure', set it to 'TRUE' and restart your server.
I would rather recommend to install the unlimited strength jurisdiction policy files.
For more info on this, check this thread:
JCE Jurisdiction does not allow Portal to start
Hope this helps,
Robert

AD security group issues in SharePoint 2013 Integrated Mode

Hello,
Sorry if this is the wrong forum, I'm not sure if this is a SharePoint issue or a Reporting Services configuration issue (or if it should be in a SharePoint forum regardless).
I have SSRS2012 on SharePoint 2013 in integrated mode. We are doing item level permissions, which means we have an AD security group Reports-All with
Read to the Reports document library, then each actual report has unique permissions. We have a report with the ProjectManagers AD
security group on it with Read (plus some other stuff to let them manage subscriptions), and another AD security group ProjectUsers with
just Read access so they can open the reports. The data source used by this report has the AD security group I mentioned before, Reports-All,
with Read.
At a SharePoint level, things appear to work. When a user in ProjectManagers or ProjectUsers browses
to the library, they see only the 3 reports that those two security groups have permission to see (out of a lot more in the library). That means SharePoint is reading those security group memberships correctly as far as I can tell.
The issue is when a user in ProjectManagers or ProjectUsers clicks
on a report, they get a reporting server based error message, and the ULS logs have an error specific to the user trying to run the report.
Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException: The permissions granted to user 'MyDomain\MyUser' are insufficient for performing this operation. (Fault Detail is equal to Microsoft.ReportingServices.ServiceContract.RsExceptionInfo)
If I add that specific user with Read permissions to the report and the data source, they are then able to run the report without errors. It seems like some Report Server component is not liking the fact that I'm using security groups.
Has anyone seen this behavior with AD security groups? Any ideas on why my environment does not want to work properly with those even though AD security groups are working fine for other non-Reporting Services files?
Thanks,
Aaron

Hi aaronzott,
According to your description, you configured SSRS 2012 of SharePoint integrated mode. You added read permission to reports and data source to AD security group Reports-All, then added just read permission to ProjectManagers and ProjectUsers groups. When
users in ProjectManagers or ProjectUsers groups click report, the error message occurred. After you added Read permissions to the report and the data source to the groups, they can preview the report without errors.
Report definition permissions are defined through List permissions on the library that contains the report, but we can set permissions on individual reports if we want to restrict access. Set properties on a report including data source connection information,
processing options, and parameter properties. Edit Items on the library that contains the report or on the individual report. We also need to have view permissions on a shared data source (.rsds) to select it for use with the report.
For more information about Set Permissions for Report Server Operations in a SharePoint Web Application, please refer to the following document:
http://msdn.microsoft.com/en-us/library/bb326286(v=sql.110).aspx
If you have any more questions, please feel free to ask.
Thanks,
Wendy Fu
If you have any feedback on our support, please click
here.

CC&B v2.3.1 Integration Configuration Issue

Hello all.
We're working on implementing the configuration for CC&B v2.3.1 for integration with AIA. However, we have been unable to successfully place any message to the AIA JMS queue. Our CC&B and AIA resides in 2 different servers.
We're using Weblogic 10.2 MP2, and JDK 1.5.0_21.
Based on the research I’ve done so far, it seems to be a problem with a Java security policy. And the recommendation was to add the following line to java.policy ==> permission javax.management.MBeanTrustPermission "register". I tried this. However, the error message did not change.
I hope the experts in this group will be able to help me resolve this problem.
These are the error messages that were logged when the Weblogic server was started.
myserver.log, weblogic_current.log, wl-domain.log
- ####<Nov 29, 2010 8:53:20 PM EST> <Error> <WebLogicServer> <ouccb01.solutionworks.com> <myserver> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1291082000425> <BEA-000297> <Inconsistent security configuration, java.security.cert.CertificateParsingException: PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11>
####<Nov 29, 2010 8:53:20 PM EST> <Emergency> <Security> <ouccb01.solutionworks.com> <myserver> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1291082000426> <BEA-090034> <Not listening for SSL, java.io.IOException: PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
- <Nov 29, 2010 8:53:20 PM EST> <Error> <WebLogicServer> <BEA-000297> <Inconsistent security configuration, java.security.cert.CertificateParsingException: PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11>
<Nov 29, 2010 8:53:20 PM EST> <Emergency> <Security> <BEA-090034> <Not listening for SSL, java.io.IOException: PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
These are the error messages that were logged when we run the F1-SYNRQ batch job to faciliate the SP Sync Up
threadpoolworker log, F1-SYNRQ log
- 2010-11-29 21:06:51,270 [Thread-74:WorkProcessor$WorkRunner(WorkProcessor$WorkRunner:6628401a-f726-44fd-8bb9-372d31eee721)] ERROR (support.management.ManagementRegistrar) Unable to register MBean:spl.fw:service=BatchJob_F1-SYNRQ_0.1919 due to java.security.AccessControlException: access denied (javax.management.MBeanTrustPermission register)
- 2010-11-29 21:06:52,339 [Thread-12:WorkProcessor$WorkRunner(WorkProcessor$WorkRunner:f84dd719-e40e-4270-9a31-e519c5e37800)] ERROR (support.management.ManagementRegistrar) Unable to register MBean:spl.fw:service=BatchThread_F1-SYNRQ_1_of_1.35 due to java.security.AccessControlException: access denied (javax.management.MBeanTrustPermission register)
- weblogic.messaging.dispatcher.DispatcherException: Could not register a DisconnectListener for [Delegate(168736533) [weblogic.iiop.IOR[RMI:weblogic.messaging.dispatcher.DispatcherImpl:0000000000000000] @127.0.0.1:47097, <0, null>]] for weblogic.jms.C:ouccb01.solutionworks.com:up0:z33sj0vqj85k

Hi i'm not sure if you have solved this, but here is a resolution:
We followed the instructions and built the server with the correct version of pre-requisites, including jdk1.5.0_21 and jrockit-R27.5.0-jdk1.5.0_14. When the application started the WebLogic processes were looking to use an MD5withRSA algorithm that is no longer supported by either Solaris 10 or Verisign. You may find that the OS you are using is different, but replacing the cert with an older cert from a previous version of JDK did the trick.
The system was using a cacerts file located located in 'jdk1.5.0_21/jre/lib/security' folder and was unable to register the certificate due to the algorithms not being supported.
We did some investigation of why this might be and found many people having the same issues. The resulted solution was to locate a demo certification that was compatible. So we renamed the current jdk1.5.0_21/lib/security/cacerts file to cacerts.save and copied in the jrockit-R27.5.0-jdk1.5.0_14/lib/security/cacerts file as a replacement. Restarted all of the environments and now Https is operational.
So in fact we replaced a newer version of JDK's jre security file with an older one, this fixed the problem.
Thanks,
Trevor

EM Configuration issue.

I have installed grid agent on different server. When i ran emctl status agent i am getting below error.
EM Configuration issue. /u01/app/oracle/product/10g/hostname.com_ORCL.
OS is AIX
Thanks in advance...

I am in AGENT_HOME.You are under Agent installation that's one thing. You also need to make sure your environment variable ORACLE_HOME point to AGENT_HOME not the database installation.

Java Security Configuration Assistant fails to install

Hello,
I have a problem because Oracle Application Server 10g for Windows doesnt install. I have tried several times on various systems, but every time I have the same error when the installer comes to the "Java Security Configuration Assistant"
The command being spawned is:
C:\oracle2\product\10.1.0\Db_1/jdk/bin/javaw -Djava.net.preferIPv4Stack=true -classpath C:\oracle2\product\10.1.0\Db_1\dcm\lib\dcm.jar;C:\oracle2\product\10.1.0\Db_1\j2ee\home\jazn.jar;C:\oracle2\product\10.1.0\Db_1\j2ee\home\lib\jaas.jar;C:\oracle2\product\10.1.0\Db_1\j2ee\home\oc4j.jar;C:\oracle2\product\10.1.0\Db_1\jlib\ojmisc.jar -Doracle.security.jazn.config=C:\oracle2\product\10.1.0\Db_1\j2ee\home\jazn\install\jazn.xml oracle.security.jazn.util.JAZNInstallHelper -log C:\oracle2\product\10.1.0\Db_1\cfgtoollogs\jaznca.log -realm jazn.com -user admin -oldpwd welcome -newpwd 05f2d5c792fb24147255fbe8169f54594b -oh C:\oracle2\product\10.1.0\Db_1 -clearpwd false
Only the first parameter is interesting :
C:\oracle2\product\10.1.0\Db_1/jdk/bin/javaw
It has a mixture of slahes (/) and backslashes (\), the first half C:\oracle2\product\10.1.0\ is ok but the second half Db_1/jdk/bin/javaw is not compatible with windows (slahes are for unix path only), so it obviously doesnt work because this path with a mixture of / and \ is not correct. At this point, the installation of Oracle AS fails.
Does anybody know a cause for this, or a workaround to get AS installed ? Thanks

The mixture of slashes and backslashes isn't an issue for Windows. I have examined the failure of the assistant, but with the new release of AS10g (release 2), I would like to know if you still have the problem you describe.

How to Migrate Row Level Security Configuration

Hi Guys,
Does anybody know how to migrate row level security configuration? I suppose PeopleSoft provided a data mover script, like securityexport.dms.
Thank you in advance,
Bob

Here are two options to achieve what you want.
A. You can do this by coding, that's if you are ready to. Are you? If yes then try the steps below:
1. create a security codes table. Say for example
001 - company a
002 - company b
2. create a security table that will list all users and which company they should have access to. You can also implement this by roles.
3. alter all tables in the application schema to add a security code column. This will be a foreign key reference to table created in 1 above.
4. update all data in the tables according to which company they belong to.
5. write a procedure or package that does a validity check whenever a user requests for data. This procedure/package determines which company data the user has access/rights to.
With this, you should be able to achieve what you want if you do not want to spend on VPD and FGAC. The problem comes where there are users who would have cross access to data from both companies. In this regard, then you have to modify your security table a little bit to handle this.
B. This option i will admit is not so clean. You can also achieve this by two different views for every table in the application schema. And on each of these views, create a private synonym for every user. For illustration purposes:
Table name = Employee.
Create a view employee_a on employee
create a view employee_b on employee
Let's say you have users x and y. X has access to employees of company a and y has access to employees of company b. You can now create private synonyms for each of these users as follows:
create synonym employee on employee_a in x schema.
create synonym employee on employee_b on y schema.
This i have not tried but believe should work.
Hope one of these options serve your purpose.

WS Security Configuration error DELAY_L_ERE is inconsistent

Hello Colleagues,
if I try to activate the WS Securtiy Configuration (SE38 > WSS_SETUP) on a SAP ECC 6.0 System for a SAML Scenario over PI I get following notification:
WS Security Configuration
Service user 'DELAY_L_ERE' is inconsistent
Configuration for WS Security logon created
Service user 'DELAY_L_ERE' is consistent
Service: Name or password is incorrect (repeat logon)
The WS Security Configuration on PI was successfully without any errors!
Any ideas?
Many thanks in advanced!
Regards,
Jochen
Edited by: Jochen Schertel on Jun 18, 2010 10:43 AM

Hello Colleagues,
we found the solution.
Presumably it's required to have the profile "SAP_ALL" during executing WS Security Configuration.
Profile "SAP_ALL" solved the problem.
Regards,
Jochen

Lync 2013 to Exchange 2013 Oauth problem - Error:[OAuthTokenBuilder:GetAppToken] unable to continue building token; no locally configured issuer

Hi,
I am having a problem getting OAuth to work from Exchange 2013 to Lync 2013.
I have read and following the instructions online and cannot see what I am doing wrong.
On the Exchange 2013 server, I get the following error when I run:
Test-OAuthConnectivity -Service EWS -TargetUri
https://exchserver2.domainname.local/ews/ -Mailbox "Jack"
RunspaceId : 920118a3-6ab2-45dc-9b68-de68133de95e
Task : Checking EWS API Call Under Oauth
Detail : The configuration was last successfully loaded at 01/01/0001 00:00:00 UTC. This was 1059263714 minutes
ago.
The token cache is being cleared because "use cached token" was set to false.
Exchange Outbound Oauth Log:
Client request ID: 19ad80f6-7751-429f-aac5-e802105fbbc6
Information:[OAuthCredentials:Authenticate] entering
Information:[OAuthCredentials:Authenticate] challenge from
'https://exchserver2.domainname.local/ews/Exchange.asmx' received: Bearer
client_id="00000002-0000-0ff1-ce00-000000000000",
trusted_issuers="[email protected]",Negotiate,NTLM
Information:[OAuthCredentials:GetToken] client-id: '00000002-0000-0ff1-ce00-000000000000', realm: '',
trusted_issuer: '[email protected]'
Information:[OAuthCredentials:GetToken] start building a token for the user domain 'domainname.co.uk'
Information:[OAuthTokenBuilder:GetAppToken] start building the apptoken
Information:[OAuthTokenBuilder:GetAppToken] checking enabled auth servers
Error:[OAuthTokenBuilder:GetAppToken] unable to continue building token; no locally configured issuer
was in the trusted_issuer list, realm from challenge was also empty. trust_issuers was
[email protected]
Error:The trusted issuers contained the following entries
'[email protected]'. None of them are configured locally.
Exchange Response Details:
HTTP response message:
Exception:
System.Net.WebException: The request was aborted: The request was canceled. --->
Microsoft.Exchange.Security.OAuth.OAuthTokenRequestFailedException: The trusted issuers contained the
following entries '[email protected]'. None of them are
configured locally.
at Microsoft.Exchange.Security.OAuth.OAuthTokenBuilder.GetAppToken(String applicationId, String
destinationHost, String realmFromChallenge, IssuerMetadata[] trustedIssuersFromChallenge, String
userDomain)
at Microsoft.Exchange.Security.OAuth.OAuthTokenBuilder.GetAppWithUserToken(String applicationId,
String destinationHost, String realmFromChallenge, IssuerMetadata[] trustedIssuersFromChallenge, String
userDomain, ClaimProvider claimProvider)
at Microsoft.Exchange.Security.OAuth.OAuthCredentials.GetToken(WebRequest webRequest,
HttpAuthenticationChallenge challengeObject)
at Microsoft.Exchange.Security.OAuth.OAuthCredentials.Authenticate(String challengeString, WebRequest
webRequest, Boolean preAuthenticate)
at Microsoft.Exchange.Security.OAuth.OAuthCredentials.OAuthAuthenticationModule.Authenticate(String
challenge, WebRequest request, ICredentials credentials)
at System.Net.AuthenticationManager.Authenticate(String challenge, WebRequest request, ICredentials
credentials)
at System.Net.AuthenticationState.AttemptAuthenticate(HttpWebRequest httpWebRequest, ICredentials
authInfo)
at System.Net.HttpWebRequest.CheckResubmitForAuth()
at System.Net.HttpWebRequest.CheckResubmit(Exception& e, Boolean& disableUpload)
at System.Net.HttpWebRequest.DoSubmitRequestProcessing(Exception& exception)
at System.Net.HttpWebRequest.ProcessResponse()
at System.Net.HttpWebRequest.SetResponse(CoreResponseData coreResponseData)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.Exchange.Monitoring.TestOAuthConnectivityHelper.SendExchangeOAuthRequest(ADUser user,
String orgDomain, Uri targetUri, String& diagnosticMessage, Boolean appOnly, Boolean useCachedToken,
Boolean reloadConfig)
ResultType : Error
Identity : Microsoft.Exchange.Security.OAuth.ValidationResultNodeId
IsValid : True
ObjectState : New
It appears to work fine from Lync 2013 to Exchange 2013.
When I run: Test-CsExStorageConnectivity -sipuri [email protected] -Binding Nettcp -Verbose in Lync 2013 I get a successful outcome:
VERBOSE: Successfully opened a connection to storage service at localhost using
binding: NetNamedPipe.
VERBOSE: Create message.
VERBOSE: Execute Exchange Storage Command.
VERBOSE: Processing web storage response for ExCreateItem Success.,
result=Success, activityId=0bbdc565-4a05-4b57-bf95-0c75488a1ef6, reason=.
VERBOSE: Activity tracing:
2015/01/02 19:15:55.616 Autodiscover, send GetUserSettings request,
[email protected], Autodiscover
Uri=https://exchserver2.domainname.local/autodiscover/autodiscover.svc, Web
Proxy=<NULL>
2015/01/02 19:15:55.616 Autodiscover.EWSMA trace,
type=AutodiscoverRequestHttpHeaders, message=<Trace
Tag="AutodiscoverRequestHttpHeaders" Tid="30" Time="2015-01-02 19:15:55Z">
POST /autodiscover/autodiscover.svc HTTP/1.1
Content-Type: text/xml; charset=utf-8
Accept: text/xml
User-Agent: ExchangeServicesClient/15.00.0516.004
</Trace>
2015/01/02 19:15:55.624 Autodiscover.EWSMA trace, type=AutodiscoverRequest,
message=<Trace Tag="AutodiscoverRequest" Tid="30" Time="2015-01-02 19:15:55Z"
Version="15.00.0516.004">
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope
xmlns:a="http://schemas.microsoft.com/exchange/2010/Autodiscover"
xmlns:wsa="http://www.w3.org/2005/08/addressing"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<a:RequestedServerVersion>Exchange2013</a:RequestedServerVersion>
<wsa:Action>http://schemas.microsoft.com/exchange/2010/Autodiscover/Autodiscove
r/GetUserSettings</wsa:Action>
<wsa:To>https://exchserver2.domainname.local/autodiscover/autodiscover.svc</
wsa:To>
</soap:Header>
<soap:Body>
<a:GetUserSettingsRequestMessage
xmlns:a="http://schemas.microsoft.com/exchange/2010/Autodiscover">
<a:Request>
<a:Users>
<a:User>
<a:Mailbox>[email protected]</a:Mailbox>
</a:User>
</a:Users>
<a:RequestedSettings>
<a:Setting>InternalEwsUrl</a:Setting>
<a:Setting>ExternalEwsUrl</a:Setting>
<a:Setting>ExternalEwsVersion</a:Setting>
</a:RequestedSettings>
</a:Request>
</a:GetUserSettingsRequestMessage>
</soap:Body>
</soap:Envelope>
</Trace>
2015/01/02 19:15:55.704 Autodiscover.EWSMA trace,
type=AutodiscoverResponseHttpHeaders, message=<Trace
Tag="AutodiscoverResponseHttpHeaders" Tid="30" Time="2015-01-02 19:15:55Z">
HTTP/1.1 200 OK
Transfer-Encoding: chunked
request-id: 5917d246-64b0-48e2-ad79-f9b6cffb5bea
X-CalculatedBETarget: exchserver2.domainname.local
X-DiagInfo: EXCHSERVER2
X-BEServer: EXCHSERVER2
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Set-Cookie: ClientId=FTFXWUQWWRJVBMNBG; expires=Sat, 02-Jan-2016 19:15:55 GMT;
path=/;
HttpOnly,X-BackEndCookie=actas1(sid:S-1-5-21-3691024758-535552880-811174816-113
5|smtp:[email protected]|upn:[email protected])=u56Lnp2ejJqBx8jIn
sqbxpvSz8rHx9LLzp7O0sbOzcnSzcqcmZqem8aempmcgYHNz87K0s/N0s/Oq87Gxc7KxcrK;
expires=Sun, 01-Feb-2015 19:15:55 GMT; path=/autodiscover; secure; HttpOnly
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-FEServer: EXCHSERVER2
Date: Fri, 02 Jan 2015 19:15:55 GMT
</Trace>
2015/01/02 19:15:55.704 Autodiscover.EWSMA trace, type=AutodiscoverResponse,
message=<Trace Tag="AutodiscoverResponse" Tid="30" Time="2015-01-02 19:15:55Z"
Version="15.00.0516.004">
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action
s:mustUnderstand="1">http://schemas.microsoft.com/exchange/2010/Autodiscover/Au
todiscover/GetUserSettingsResponse</a:Action>
<h:ServerVersionInfo
xmlns:h="http://schemas.microsoft.com/exchange/2010/Autodiscover"
xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
<h:MajorVersion>15</h:MajorVersion>
<h:MinorVersion>0</h:MinorVersion>
<h:MajorBuildNumber>1044</h:MajorBuildNumber>
<h:MinorBuildNumber>21</h:MinorBuildNumber>
<h:Version>Exchange2013_SP1</h:Version>
</h:ServerVersionInfo>
</s:Header>
<s:Body>
<GetUserSettingsResponseMessage
xmlns="http://schemas.microsoft.com/exchange/2010/Autodiscover">
<Response xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
<ErrorCode>NoError</ErrorCode>
<ErrorMessage />
<UserResponses>
<UserResponse>
<ErrorCode>NoError</ErrorCode>
<ErrorMessage>No error.</ErrorMessage>
<RedirectTarget i:nil="true" />
<UserSettingErrors />
<UserSettings>
<UserSetting i:type="StringSetting">
<Name>InternalEwsUrl</Name>
<Value>https://exchserver2.domainname.local/EWS/Exchange.asmx</Value>
</UserSetting>
<UserSetting i:type="StringSetting">
<Name>ExternalEwsUrl</Name>
<Value>https://exchserver2.domainname.co.uk/EWS/Exchange.asmx</Value>
</UserSetting>
<UserSetting i:type="StringSetting">
<Name>ExternalEwsVersion</Name>
<Value>15.00.1044.000</Value>
</UserSetting>
</UserSettings>
</UserResponse>
</UserResponses>
</Response>
</GetUserSettingsResponseMessage>
</s:Body>
</s:Envelope>
</Trace>
2015/01/02 19:15:55.704 Autodiscover, received GetUserSettings response,
duration Ms=88, response=NoError
2015/01/02 19:15:55.706 Lookup user details,
sipUri=sip:[email protected], [email protected],
sid=S-1-5-21-3691024758-535552880-811174816-1135, [email protected],
tenantId=00000000-0000-0000-0000-000000000000
VERBOSE: Items choice type: CreateItemResponseMessage.
VERBOSE: Response message, class: Success, code: NoError.
VERBOSE: Item: Microsoft.Rtc.Internal.Storage.Exchange.Ews.MessageType, Id:
AAMkADAwNWZkZWI0LWM5NGYtNDUxNy05Nzk3LWZhZjRiY2Y4MTU4NwBGAAAAAADLP1MgTEXdQ7zQSlb
qPl++BwBauhRZTfLbTYZ+hBWtK784ANcdmUYqAACSqIurRqgYSZwMhT/IBw89AACnT6G9AAA=,
change key: CQAAABYAAACSqIurRqgYSZwMhT/IBw89AACnip6b, subject: , body: .
VERBOSE: Is command successful: True.
Test passed.
All my certificates on the Exchange 2013 and Lync 2013 servers are from my local CA.
I use APP with the public certificates as my reverse proxy for people connecting from outside the network.
In Lync, the OAuthTokenIssuer certificate created through the Lync deployment wizard is issued to domainname.local (my primary sip domain) and the Subject Alternative names include domainname.co.uk
I then exported this certificate to the Exchange Server and use the Set-AuthConfig to use this certificate for OAuth.
from what I read this was what I was supposed to do.
is this correct?
I have tried so many things I don't know what do to next.
Should the OAuth certificate in exchange be the one exported from Lync?
In Lync, should the OAuthTokenIssuer certificate include the servername or lyncserver.domainname.local or just be domainname.local like it is at the moment?
thank-you
jack

Thomas,
thanks for giving this the time. I have run the Configure-EnterpriseApplication.ps1 script following by remove-PartnerApplication so many times that I was wondering if there are other setting that
Configure-EnterpriseApplication.ps1 creates that aer not removed when you run
remove-PartnerApplication.
is there a way to completely remove everything that is confirmed when you run
Configure-EnterpriseApplication.ps1 so I can run Configure-EnterpriseApplication.ps1 without there being any configurations left from when I previously run that command?
thanks
jack
[PS] C:\Windows\system32>Get-PartnerApplication |fl
RunspaceId : cb2fb328-769d-4b32-8b7b-1fa35e2994f5
Enabled : True
ApplicationIdentifier : 00000004-0000-0ff1-ce00-000000000000
CertificateStrings : {MIIGcDCCBVigAwIBAgITPgAAARIHL+ig32UAAQAAAAABEjANBgkqhkiG9w0BAQUFADBcMRUwEwYKCZIm
iZPyLGQBGRYFbG9jYWwxHTAbBgoJkiaJk/IsZAEZFg1HdWlkZUNsb3RoaW5nMSQwIgYDVQQDExtHdWlkZ
UNsb3RoaW5nLUFQUFNFUlZFUjEtQ0EwHhcNMTUwMTEwMTIxODIzWhcNMTcwMTA5MTIxODIzWjB7MQswCQ
YDVQQGEwJHQjEPMA0GA1UECBMGTG9uZG9uMQ8wDQYDVQQHEwZMb25kb24xHzAdBgNVBAoTFkd1aWRlIEN
sb3RoaW5nIExpbWl0ZWQxCzAJBgNVBAsTAkhRMRwwGgYDVQQDExNHdWlkZUNsb3RoaW5nLmNvLnVrMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyzDzaLsjJfktsbwIJ998ihsZM/0rKGdIt8rIx00oc
HA7w0uVyz2UqnP9a8uRi6HkA7djbynlmGG0hKSUUQngXxz7q2dY6q9rcY5Rw2mJOMeppounx44FFp4+4e
5HQKviLTYo+3DBGIR0mYDqxanKPS00d0f7HDLvmVb90hjdrbE372JBdcNNHs2OHRqg37bN2fAbwd22c9x
2kvi0rESFnr+KcIGECVInCTHLJ7fwVqvi4hvRqtz7KLZsMXprpgeVDs45EMMRtwJ5Hw8uZR4CFz4dHSlo
dIVgDPn8Ns2vGhcUK0JU4WkDbjnqo1SJzHlqtNjiu//wGcn77PAiM0yhyQIDAQABo4IDCjCCAwYwCwYDV
R0PBAQDAgWgMCEGCSsGAQQBgjcUAgQUHhIAVwBlAGIAUwBlAHIAdgBlAHIwEwYDVR0lBAwwCgYIKwYBBQ
UHAwEwHQYDVR0OBBYEFOY3whPicRAXNsTDSIg3FexpaCKdMHUGA1UdEQRuMGyCH0x5bmNTZXJ2ZXIyLkd
1aWRlQ2xvdGhpbmcuY28udWuCH0x5bmNTZXJ2ZXIyLkd1aWRlQ2xvdGhpbmcubG9jYWyCE0d1aWRlQ2xv
dGhpbmcuY28udWuCE0d1aWRlQ2xvdGhpbmcubG9jYWwwHwYDVR0jBBgwFoAUDHst3gUSMGwvkiNTPavmi
UEWgtQwggEuBgNVHR8EggElMIIBITCCAR2gggEZoIIBFYaBzWxkYXA6Ly8vQ049R3VpZGVDbG90aGluZy
1BUFBTRVJWRVIxLUNBLENOPURvbVNlcnZlcjIsQ049Q0RQLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2V
zLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9R3VpZGVDbG90aGluZyxEQz1sb2NhbD9jZXJ0
aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnSGQ
2h0dHA6Ly9jcmwuZ3VpZGVjbG90aGluZy5sb2NhbC9jcmxkL0d1aWRlQ2xvdGhpbmctQVBQU0VSVkVSMS
1DQS5jcmwwgdUGCCsGAQUFBwEBBIHIMIHFMIHCBggrBgEFBQcwAoaBtWxkYXA6Ly8vQ049R3VpZGVDbG9
0aGluZy1BUFBTRVJWRVIxLUNBLENOPUFJQSxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2
aWNlcyxDTj1Db25maWd1cmF0aW9uLERDPUd1aWRlQ2xvdGhpbmcsREM9bG9jYWw/Y0FDZXJ0aWZpY2F0Z
T9iYXNlP29iamVjdENsYXNzPWNlcnRpZmljYXRpb25BdXRob3JpdHkwDQYJKoZIhvcNAQEFBQADggEBAD
87GUPi02czEMO2Op0CeKBBpGwsfjYR9+RlC2uKAoH8PbWAxYNP3Ke6BtPeFy+95GGAJd5Z0+6LpO/AagA
+zeY/tocZQjy0pYaU4/TPZgD+ZB/8sU982msu+8waO316ipBcf/87n9ZW3Jjk5DcVbtwrZErrGRe9DEn8
QArN0jroLfaRtbDumse1Lp76+dxFuVhlLWcUXtIKaxm+UU9DS94EwJMtN54lDm3EG6hVdiGUR7TYqZU0K
HGm7HciIhuO+2rhAazOBiIAAW6wZRUpFKZONSVD6bKrQCzL12LvynQ7XC6Itgr4JGzNCmoN43dXwVCkWo
amTDdZY4h+QBqUvvY=}
AuthMetadataUrl : https://lyncserver2.domainname.local/metadata/json/1
Realm : domainname.local
UseAuthServer : False
AcceptSecurityIdentifierInformation : True
LinkedAccount : domainname.local/Users/LyncEnterprise-ApplicationAccount
IssuerIdentifier :
AppOnlyPermissions :
ActAsPermissions :
AdminDisplayName :
ExchangeVersion : 0.20 (15.0.0.0)
Name : LyncEnterprise-786f61476b634278a3c9b9e4ec08b660
DistinguishedName : CN=LyncEnterprise-786f61476b634278a3c9b9e4ec08b660,CN=Partner
Applications,CN=Auth Configuration,CN=domainname,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=domainname,DC=local
Identity : LyncEnterprise-786f61476b634278a3c9b9e4ec08b660
Guid : 07495125-ccd4-4443-82d9-74fc3b955cdf
ObjectCategory : domainname.local/Configuration/Schema/ms-Exch-Auth-Partner-Application
ObjectClass : {top, msExchAuthPartnerApplication}
WhenChanged : 10/01/2015 17:14:55
WhenCreated : 10/01/2015 17:14:55
WhenChangedUTC : 10/01/2015 17:14:55
WhenCreatedUTC : 10/01/2015 17:14:55
OrganizationId :
Id : LyncEnterprise-786f61476b634278a3c9b9e4ec08b660
OriginatingServer : DomServer2.domainname.local
IsValid : True
ObjectState : Unchanged

Sup 2.1.3 new security configuration problems

Hi all,
I created a new security configuration. In the new security configuration I configured for OpenLdap. Then I deployed my MBOs with a new security configuration.
but, when I try to register the devices a error appear:
May 6 09:19:45 dreifs-mini-ipad TEST[2433] <Warning>: onRegistrationStatusChanged: status = REGISTRATION_ERROR, code = 14850, message = SUPApplicationError_REGISTRATION_TEMPLATE_NOT_FOUND
What could be problem?
thanks in advance,
david

Please mark this Discussion with a Correct Answer and Helpful Answer where appropriate. See http://scn.sap.com/community/support/blog/2013/04/03/how-to-close-a-discussion-and-why Even if you discovered the solution without any outside contributions, it helps others to understand what the solution turned out to be.
Regards, Mike
SAP Customer Experience Group - CEG

Error when creating security configuration

I am trying to create new security configuration via Web Service administration. I clicked on Add for adding users but I was getting this exception
JBWEB000309: type JBWEB000066: Exception report
JBWEB000068: message
JBWEB000069: description JBWEB000145: The server encountered an internal error that prevented it from fulfilling this request.
JBWEB000070: exception
java.lang.NullPointerException
atg.nucleus.Nucleus.getAbsoluteName(Nucleus.java:2566)
atg.nucleus.Nucleus.getAbsoluteName(Nucleus.java:2533)
atg.nucleus.GenericService.getAbsoluteName(GenericService.java:447)
atg.nucleus.GenericService.startService(GenericService.java:560)
atg.nucleus.NucleusNameResolver.startService(NucleusNameResolver.java:1751)
atg.nucleus.MultiRootNameResolver.configureAndStartService(MultiRootNameResolver.java:1219)
atg.nucleus.MultiRootNameResolver.bindAndConfigureService(MultiRootNameResolver.java:959)
atg.nucleus.MultiRootNameResolver.createFromName(MultiRootNameResolver.java:849)
atg.nucleus.MultiRootNameResolver.resolveName(MultiRootNameResolver.java:455)
atg.nucleus.ResolveNameHelperImpl.resolveName(ResolveNameHelperImpl.java:274)
atg.nucleus.MultiRootNameResolverFactory$RequestResolveNameHelper.resolveName(MultiRootNameResolverFactory.java:832)
atg.servlet.DynamoHttpServletRequest.resolveNameSingleNucleus(DynamoHttpServletRequest.java:3898)
atg.servlet.DynamoHttpServletRequest.resolveName(DynamoHttpServletRequest.java:3857)
atg.servlet.DynamoHttpServletRequest.resolveName(DynamoHttpServletRequest.java:3835)
atg.droplet.DropletDescriptorManager.getPropertyValue(DropletDescriptorManager.java:395)
atg.droplet.DropletDescriptorManager.getPropertyStringValue(DropletDescriptorManager.java:304)
atg.droplet.DropletDescriptor.getPropertyStringValue(DropletDescriptor.java:318)
_dasadmin_3._atg._dynamo._admin._en._webservice._choose_sindividuals$_Param_8_output.service(_choose_sindividuals.java:398)
atg.servlet.DynamoPageServlet.service(DynamoPageServlet.java:142)
atg.servlet.DynamoHttpServletRequest.serviceLocalParameter(DynamoHttpServletRequest.java:4428)
atg.servlet.DynamoHttpServletRequest.serviceLocalParameter(DynamoHttpServletRequest.java:4687)
atg.droplet.security.GetAllPrincipalsDroplet.service(GetAllPrincipalsDroplet.java:208)
atg.servlet.DynamoServlet.service(DynamoServlet.java:152)
atg.servlet.pagecompile.PageSubServlet.serviceServlet(PageSubServlet.java:255)
atg.servlet.pagecompile.PageSubServlet.serviceByName(PageSubServlet.java:212)
_dasadmin_3._atg._dynamo._admin._en._webservice._choose_sindividuals$_Param_10_output.service(_choose_sindividuals.java:608)
atg.servlet.DynamoPageServlet.service(DynamoPageServlet.java:142)
atg.servlet.DynamoHttpServletRequest.serviceLocalParameter(DynamoHttpServletRequest.java:4428)
atg.servlet.DynamoHttpServletRequest.serviceLocalParameter(DynamoHttpServletRequest.java:4687)
atg.webservice.GetSecurityItem.service(GetSecurityItem.java:154)
atg.servlet.DynamoServlet.service(DynamoServlet.java:152)
atg.servlet.pagecompile.PageSubServlet.serviceServlet(PageSubServlet.java:255)
atg.servlet.pagecompile.PageSubServlet.serviceByName(PageSubServlet.java:212)
_dasadmin_3._atg._dynamo._admin._en._webservice._choose_sindividuals._jspService(_choose_sindividuals.java:705)
atg.servlet.jsp.DynamoJspPageServlet._jspService(DynamoJspPageServlet.java:152)
atg.servlet.jsp.DynamoJspPageServlet._jspService(DynamoJspPageServlet.java:116)
atg.servlet.jsp.DynamoJspPageServlet.service(DynamoJspPageServlet.java:202)
atg.servlet.pagecompile.PageCompileServlet.service(PageCompileServlet.java:498)
atg.servlet.DynamoServlet.service(DynamoServlet.java:152)
Could anyone help me figure out the cause for this issue?
Message was edited by: Nick Glover-Oracle
(To add new lines to stack trace)

This is the operation that I am trying to expose
http://ech-10-157-132-76.mastercard.int:8080/userprofiling/usersession/loginUser?WSDL

OC4J Configuration issue. when trying to enable OEM on 10g

Good Morning to all ;
Just now i posted question related to OEM (when getting error).
I can't connect my OEM with any user
Here i created DB using DBCA with OEM but i couldn't login via BROWSER ...
Please ignore this question here .. ( Not a Duplicate Question)
This question is different , but related to OEM ( Ok . I am explaining my issues here. I created Database using DBCA without enabling OEM.
then i set ORACLE_SID and tried to execute OEM but getting error.
$ emctl start dbconsole
TZ set to Asia/Calcutta
OC4J Configuration issue. /u01/app/oracle/product/10.2.0/db_1/oc4j/j2ee/OC4J_DBConsole_linuxserver_orcltest not found.
NOTE : I want to know answer for 2nd question. what is OC4J Configuration issue. - How can i resolve that ? or
Thanks in advance ..

Hello Sb
I perfectly upgraded my DB with OEM to 10.2.0.4.0 on OEL4. i'm going to do on rhel-5
*$ export ORACLE_SID=orcl*
[oracle@oel ~]$ sqlplus /nolog
SQLPlus: Release 10.2.0.4.0 - Production on Sun Apr 21 00:59:53 2013*
Copyright (c) 1982, 2007, Oracle. All Rights Reserved.
SQL> conn /as sysdba
Connected.
SQL> startup
ORA-01081: cannot start already-running ORACLE - shut it down first
SQL> cl scr
SQL> select comp_name , version , status from dba_registry;
COMP_NAME
VERSION STATUS
Oracle Database Catalog Views
10.2.0.4.0 VALID
Oracle Database Packages and Types
10.2.0.4.0 VALID
Oracle Workspace Manager
10.2.0.4.3 VALID
COMP_NAME
VERSION STATUS
JServer JAVA Virtual Machine
10.2.0.4.0 VALID
Oracle XDK
10.2.0.4.0 VALID
Oracle Database Java Packages
10.2.0.4.0 VALID
COMP_NAME
VERSION STATUS
Oracle Expression Filter
10.2.0.4.0 VALID
Oracle Data Mining
10.2.0.4.0 VALID
Oracle Text
10.2.0.4.0 VALID
COMP_NAME
VERSION STATUS
Oracle XML Database
10.2.0.4.0 VALID
Oracle Rule Manager
10.2.0.4.0 VALID
Oracle interMedia
10.2.0.4.0 VALID
COMP_NAME
VERSION STATUS
OLAP Analytic Workspace
10.2.0.4.0 VALID
Oracle OLAP API
10.2.0.4.0 VALID
OLAP Catalog
10.2.0.4.0 VALID
COMP_NAME
VERSION STATUS
Spatial
10.2.0.4.0 VALID
Oracle Enterprise Manager
10.2.0.4.0 VALID
17 rows selected.
Thanks ..

OAB/OSB Oracle Advanced/Standard Benefits Enrolling Issue manually.

Hello Everyone - The issue I am about to list below maybe peculiar in ERP nature and I think it will get lot of Benefits Guru thinking as it has got me(tho I am no Benefits Guru).
First, lets get basic nuts and bolts in place about the environment,
1. We are using Oracle 11i for just HR with functionality of payroll and benefits as suitable to client.
2. Payroll is outsourced, maintaining benefits is outsourced.
3. Deciding if it is OSB or OAB is bit tricky here, as parts of both are used.
4. Only one Life Event - 'UnRestricted' is used.
5. Benefit Programs, Plans, Options are built just as it is in outsourced Benefits Portal.
6. Activity Rate is built and attached to Payroll Elements. This maintains the correct information for employee benefits and this information is pushed to outsourced Payroll for deductions.
7. Open Enrollements were done in NOV.11 FOR THE year-2012.
8. No Benefits or Payroll concurrent processes are executed in Oracle.
9. New enrollments and changes to current enrollments are done via Benefits Service Center-->Non-Flex Program form.
Now that we have established the ground, lets detail out the issue,
10.A new plan is created for LTD as of Jan.01,2012. This plan falls in a Plan Type. We just have one single Benefit Program. Variable Rate Profile and Standard Rates for LTD plan started as of Jan.01,2012.
11. Eligibility Profile is created for this plan based on only Age band, e.g., 1-20..21-29...etc.
12. Variable Rate Profile is built as per the age band and attached with above Eligibility Profile. Details of important information for Variable Rate profile is as the following,
- Employee Payroll Contribution
- Aftertax
-Monthly
- Multiply By
- Rates
Calculation Method - Multiple of Compensation
Multiplier - .07
Operator - PER hUNDRED
Comp. Factor - Monthly Salary
Rounding COde - Round to Nearest Hundreth
13. Standard rate details are as below,
- Calculation Method - Flat Amount
- Enter Value At Enrollment is selected.
Values for Min,Max,Increment,Default is enter
No other information on any other form is enter.
Lets come to the issue now, please keep in mind that Non Flex Program form is used via Benefits Service Center to execute below situations,
============================================================================================================
Situation 1-
Client wanted to put employees on this plan from Jan.01,2012 BUT is not able to because the pay period start date for Jan.01,2012 falls on Dec.19,2011. As plan is created on Jan.01,2012 so it is not allowing to enroll employees on Jan.01 so instead they are enrolled as of Jan.02,2012(pay period start date for second period 2012).
Questions 1-
Is it ok to start them on Jan.02,2012? Does that mean employees are not covered for one day? Is it possible to change the start date of the plan, variable profile and standard rate before or on Dec.19,2011? OR can we force to enroll employees from Jan.01,2012?
===========================================================================================================
Situation 2 -
New employees are created after January 2012 and and benefits administrator tries to enroll them on the plan. Employee start date falls in middle of the pay period start and end date hence while enrolling a system error pops up that employee assignment is not active as of the pay period start date. This is true so as a workaround, these employees are enrolled on the plan from the next pay period from the date of joining.
Question 2 -
Is this expected functionality in benefits? IF it is then is there a way to enroll employees on the benefit plan as of the joining date, without worrying about the pay period start date?
===============================================================================================================
Situation 3 -
Different behavior on non flex program form for just one employee who has been with the company for 2 years on full-time basis. When tried to enroll this employee on the LTD plan, a pop-up window appears with all rate options setup as per the variable rate profile. If a rate is selected from this list than it defaults the amount in the Defined section of Amount Tab. While for everyone else, when enrolling them on the Plan, no pop-up window appears and the benefits administrator can enter the Amount in Defined section.
Question 3 -
Is this an expected functionality? Can someone please shed some light on why this is happening and how to fix it?
=============================================================================================================
Thats all I have for now and I really need advice on the 3 situations above. I have hit the road block and not sure how to proceed.
Looking forward to the post replies.
Thanks in Advance.

Hello Everyone - The issue I am about to list below maybe peculiar in ERP nature and I think it will get lot of Benefits Guru thinking as it has got me(tho I am no Benefits Guru).
First, lets get basic nuts and bolts in place about the environment,
1. We are using Oracle 11i for just HR with functionality of payroll and benefits as suitable to client.
2. Payroll is outsourced, maintaining benefits is outsourced.
3. Deciding if it is OSB or OAB is bit tricky here, as parts of both are used.
4. Only one Life Event - 'UnRestricted' is used.
5. Benefit Programs, Plans, Options are built just as it is in outsourced Benefits Portal.
6. Activity Rate is built and attached to Payroll Elements. This maintains the correct information for employee benefits and this information is pushed to outsourced Payroll for deductions.
7. Open Enrollements were done in NOV.11 FOR THE year-2012.
8. No Benefits or Payroll concurrent processes are executed in Oracle.
9. New enrollments and changes to current enrollments are done via Benefits Service Center-->Non-Flex Program form.
Now that we have established the ground, lets detail out the issue,
10.A new plan is created for LTD as of Jan.01,2012. This plan falls in a Plan Type. We just have one single Benefit Program. Variable Rate Profile and Standard Rates for LTD plan started as of Jan.01,2012.
11. Eligibility Profile is created for this plan based on only Age band, e.g., 1-20..21-29...etc.
12. Variable Rate Profile is built as per the age band and attached with above Eligibility Profile. Details of important information for Variable Rate profile is as the following,
- Employee Payroll Contribution
- Aftertax
-Monthly
- Multiply By
- Rates
Calculation Method - Multiple of Compensation
Multiplier - .07
Operator - PER hUNDRED
Comp. Factor - Monthly Salary
Rounding COde - Round to Nearest Hundreth
13. Standard rate details are as below,
- Calculation Method - Flat Amount
- Enter Value At Enrollment is selected.
Values for Min,Max,Increment,Default is enter
No other information on any other form is enter.
Lets come to the issue now, please keep in mind that Non Flex Program form is used via Benefits Service Center to execute below situations,
============================================================================================================
Situation 1-
Client wanted to put employees on this plan from Jan.01,2012 BUT is not able to because the pay period start date for Jan.01,2012 falls on Dec.19,2011. As plan is created on Jan.01,2012 so it is not allowing to enroll employees on Jan.01 so instead they are enrolled as of Jan.02,2012(pay period start date for second period 2012).
Questions 1-
Is it ok to start them on Jan.02,2012? Does that mean employees are not covered for one day? Is it possible to change the start date of the plan, variable profile and standard rate before or on Dec.19,2011? OR can we force to enroll employees from Jan.01,2012?
- This depends on your business case. Product feature wise, all are possible options. Some easier than others. You can control when the coverage starts and when the employee starts paying in separate codes. So, one can be different from the other.
===========================================================================================================
Situation 2 -
New employees are created after January 2012 and and benefits administrator tries to enroll them on the plan. Employee start date falls in middle of the pay period start and end date hence while enrolling a system error pops up that employee assignment is not active as of the pay period start date. This is true so as a workaround, these employees are enrolled on the plan from the next pay period from the date of joining.
Question 2 -
Is this expected functionality in benefits? IF it is then is there a way to enroll employees on the benefit plan as of the joining date, without worrying about the pay period start date?
- The only requirement in OAB is that the person should be available as of the life event occured date. Of course in case of a new hire, you cannot write any data before the start date of the person. this needs to be handled via correct configuration. If you want the employees to get enrolled from the next pay period, chose appropriate rate and coverage start date codes.===============================================================================================================
Situation 3 -
Different behavior on non flex program form for just one employee who has been with the company for 2 years on full-time basis. When tried to enroll this employee on the LTD plan, a pop-up window appears with all rate options setup as per the variable rate profile. If a rate is selected from this list than it defaults the amount in the Defined section of Amount Tab. While for everyone else, when enrolling them on the Plan, no pop-up window appears and the benefits administrator can enter the Amount in Defined section.
Question 3 -
Is this an expected functionality? Can someone please shed some light on why this is happening and how to fix it?
-- I think this is a data/setup issue. Please investigate accordingly.=============================================================================================================
Thats all I have for now and I really need advice on the 3 situations above. I have hit the road block and not sure how to proceed.
Looking forward to the post replies.
Thanks in Advance.
Edited by: Vinayaka Prabhu on Apr 23, 2012 9:24 AM

Wireless 1410 Throughput Test and Security Configuration

Hi Team
Could you please address on the security configuration of the 1410 bridge and on how to test the bandwidth/throughput between two 1410 Bridges setup for point-to-point connectivity.
We have setup this in one of our Client sites.
Awaiting your reply.
Thanks in advance!
Regards
Unni Kannan
Systems Engineer

Bandwitdh testing is usually done with Iperf with an iperf PC standing at each side of the bridge.
I'm not sure what you mean with "address on the security configuration" though ...

Advanced FTP Security Configuration Issues

Similar Messages

Maybe you are looking for